Reply to Office Action of April 28, 2009 



VAINSTEIN et al. 
Appl. No. 10/676,474 



Remarks 

Reconsideration of this Application is respectfully requested. 

Upon entry of the foregoing amendment, claims 1-28 are pending in the 
application, with claims 1, 14, 21, 27, and 28 being the independent claims. Claims 1, 2, 
11, 12, 14, 18-24, and 26-28 are sought to be amended for clarity. Support for the 
amendments is found at least at, for example, paragraphs [0009] [0010], [0017] - [0019], 
[0034], [0036], [0054], [0081], and [0093] of the instant specification. These 
amendments should be entered after final because they merely clarify implicit features, 
do not require further search or consideration by the Examiner, and they place the claims 
in better condition for allowance and/or reduce the issues for appeal. 

Based on the above amendment and the following remarks, Applicants 
respectfully request that the Examiner reconsider all outstanding rejections and that they 
be withdrawn. 

Rejection under 35 U.S.C. §102 

The Examiner rejected claims 1-9, 11, 13-18 and 27 under 35 U.S.C. § 102(e) as 
allegedly being anticipated by U.S. Patent No. 6,584,466 to Serbinis et al. ("Serbinis"). 

With regard to the Examiner's response on pages 2-5 of the Office Action to 
Applicants' previously-submitted arguments and the statements on pages 6-11 of the 
Office Action in which the Examiner continues to characterize Serbinis as disclosing all 
of the features recited in claims 1-9, 11, 13-18 and 27, Applicants disagree and traverse 
for the reasons stated below. 

Applicants respectfully remind the Examiner that anticipation under 35 U.S.C. § 
102 requires showing the presence in a single prior art reference disclosure of each and 
every element of the claimed invention, arranged as in the claim. See Lindemann 
Maschinenfabrik GMBH v. American Hoist & Derrick, 221 U.S.P.Q. 481, 485 (Fed. Cir. 
1984). Applicants submit that Serbinis does not disclose at least the distinguishing 
features of claims 1-9, 11, 13-18, and 27. 

Claim 1 recites features that distinguish over Serbinis. For example, claim 1 as 
amended herein recites, among other features: 

a policy system configured to enable the processor to store at least 
one process-driven security policy on a computer readable storage 
medium, wherein the process-driven security policy includes a plurality 
of different states and transition rules, and wherein each of the states is 
associated with one or more access restrictions, and wherein each of the 
states has distinct access restrictions, and wherein the transition rules 
specify circumstances under which a secured document is to transition 
from one state to another; and 

an access manager configured to enable the processor to access the 
process-driven security policy and determine whether access to a secured 
document is permitted by a requestor based on the policy state associated 
therewith at the time access is requested and the corresponding one or 
more access restrictions thereof for the process-driven security policy 

(emphasis added). 

Serbinis does not describe each and every element as set forth in claim 1. 
Serbinis fails to teach or suggest at least one process-driven security policy, wherein the 
process-driven security policy includes a plurality of different states and transition rules, 
and wherein each of the states is associated with one or more access restrictions, and 
wherein each of the states has distinct access restrictions, as recited in claim 1. Serbinis 
discusses how "[s]tates for a document instance include "pending," "active," "archived," 
"canceled" and "deleted"" (Serbinis, col. 7, ln. 67 - col. 8, ln. 1). However, Serbinis 
describes that "[d]ocument instances are marked "canceled" when an Authorized User 
(typically the Originator) forces a document to expire before the expiration time" and 
that "[c]anceled document instances then are treated like archived document 
instances" (Serbinis, col. 8, lns. 26-31) (emphasis added). Even assuming arguendo that 
Serbinis' document instance states are analogous to the process-driven security policy 
states recited in claim 1, each of Serbinis' document instance states clearly does not have 
distinct access restrictions, as recited in claim 1. As recited in claim 1, "the process-driven 
security policy includes a plurality of different states and transition rules", "each 
of the states is associated with one or more access restrictions", "each of the states has 
distinct access restrictions", and "the transition rules specify circumstances under which 
a secured document is to transition from one state to another". In contrast, in Serbinis' 
system, at least two of the document instance states (e.g., "canceled" and "archived") are 
treated identically (Serbinis, col. 8, lns. 26-31). Therefore, the canceled and archived 
document instance states in Serbinis are not different states wherein each of the states 
has distinct access restrictions, as recited in claim 1. Thus, Serbinis fails to disclose, 
teach or suggest at least one process-driven security policy on a computer readable 
storage medium, wherein the process-driven security policy includes a plurality of 
different states and transition rules, and wherein each of the states is associated with one 
or more access restrictions, and wherein each of the states has distinct access restrictions, 
as recited in claim 1. 

Moreover, although Serbinis describes that "[d]ocument instances with a 
"pending" state have an active date/time that specifies the time at which the state of the 
document instance should be changed to "active"" (Serbinis, col. 8, lns. 5-8), Applicants 
submit that triggering a change from a pending state to an active state based solely on 
time is not analogous to transition rules that specify circumstances under which a secured 
document is to transition from one state to another, as recited in claim 1. A non-limiting 
example of transition rules is provided in the instant specification at, for example, 
paragraph [0049], where it is disclosed that in an embodiment, a "file can transition 
between the various states of the process-driven security policy 100 in a controlled 
manner", "[o]ften, the process-driven security policy 100 defines the transitions that are 
permissible", "the state transitions are event-driven", and "some events can be triggered 
or initiated by user or administrator interaction". In contrast to what is recited in claim 1, 
Serbinis' document management service (DMS) "automatically modifies the state of a 
document instance based on its current state, the active date/time, and expiration 
date/time" (Serbinis, col. 7, lns. 63-65). In Serbinis' DMS system, a document instance 
transitions only when "expiry date" is reached, "when the expiration time is 
reached", "after a pre-determined amount of time", or "when an Authorized User 
(typically the Originator) forces a document to expire before the expiration time" 
(Serbinis, col. 7, lns. 32-37, col. 8, lns. 12-29). Thus, Serbinis is limited to automatic 
modification of a state of a document instance based on the document instance's state, 
active date/time, and expiration date/time. Serbinis does not teach or suggest a process-driven 
security policy including a plurality of different states and transition rules, 
wherein the transition rules specify circumstances under which a secured document is to 
transition from one state to another, as recited in claim 1. In contrast, in Serbinis' 
system, secured documents do not transition from one state to another as a result of a 
process-driven security policy; rather "[t]he state of these documents is changed to 
"deleted" after a pre-determined amount of time" (Serbinis, col. 8, lns. 18-20) 
(emphasis added). Therefore, Serbinis fails to teach or suggest wherein the transition 
rules specify circumstances under which a secured document is to transition from one 
state to another, as recited in claim 1. 

Further, Serbinis fails to disclose an access manager configured to enable a 
processor to access a process-driven security policy and determine whether access to a 
secured document is permitted by a requestor based on the policy state associated 
therewith at the time access is requested and the corresponding one or more access 
restrictions thereof for the process-driven security policy, as recited in claim 1. The 
Examiner asserts that the above-recited access manager features recited in claim 1 are 
disclosed by Serbinis in passages in columns 8-10 (See Office Action, pages 6 and 7). 
Applicants respectfully disagree with the Examiner's contention. Although Serbinis may 
describe that an "Authorized User may then request retrieval of the document" from a 
data store "and any automatic filtering, or filtering selected by the Authorized User, may 
be performed during the document download process" before "[t]he document is then 
downloaded to the Authorized User" (Serbinis, col. 9, ln. 66 - col. 10, ln. 4), Serbinis fails 
to teach or suggest the above-noted features of the access manager recited in claim 1. 

Therefore, for at least these reasons, the applied reference does not anticipate 
claim 1. Dependent claims 2-13, which depend upon independent claim 1, are allowable 
for at least being dependent from allowable independent claim 1, in addition to their own 
respective distinguishing features. See In Re Fine, 837 F.2d 1071 (Fed. Cir. 1988) and 
M.P.E.P. § 2143.03. 

Independent claims 14 and 27 recite features that distinguish over the applied 
reference. For example, claim 14 as amended herein recites a method for transitioning at 
least one secured document through a security-policy state machine having a plurality of 
different states, each of the plurality of states having distinct access restrictions, the 
method comprising: 

receiving an event; 

determining whether the event causes a state transition for the at least one 
secured document from a former state to a subsequent state of the 
security-policy state machine; and 

automatically transitioning from the former state to the subsequent state 
of the security-policy state machine if the determining determines that the 
event causes the state transition. 



Claim 27 as amended herein recites, inter alia: 



detecting an occurrence of an event; 

determining whether the event causes a state transition for at least one 
secured document from a former state to a subsequent state of a security- 
policy state machine having a plurality of different states, each of the 
plurality of states having distinct access restrictions; and 

automatically transitioning from the former state to the subsequent state 
of the security-policy state machine upon determining that the event 
causes the state transition 

(emphasis added). 

Claims 14 and 27 recite a method and a computer readable storage medium, 
respectively, with distinguishing features similar to claim 1, and thus are patentable over 
Serbinis for similar reasons as discussed above with regards to claim 1. For example, as 
discussed above with regards to claim 1, Serbinis does not teach or suggest a security- 
policy state machine having a plurality of different states, each of the plurality of states 
having distinct access restrictions, as recited in claim 14. Serbinis also fails to disclose, 
teach or suggest, a security-policy state machine having a plurality of different states, 
each of the plurality of states having distinct access restrictions, as recited in claim 27. 

Moreover, while Serbinis may generally describe "a document state process that 
automatically modifies the state of a document instance based on its current state, the 
active date/time, and expiration date/time" (Serbinis, col. 7, lns. 63-67), Serbinis does 
not teach or suggest automatically transitioning from the former state to the subsequent 
state of the security-policy state machine upon determining that an event causes the state 
transition, as recited in claims 14 and 27. In Serbinis' DMS system, a document instance 
transitions based upon an "expiry date" (Serbinis, col. 7, lns. 32-37). Document instance 
states in Serbinis only transition "when the expiration time is reached", "after a 
pre-determined amount of time", or "when an Authorized User (typically the Originator) 
forces a document to expire before the expiration time" (Serbinis, col. 8, lns. 12-29). In 
contrast, claims 14 and 27 recite, using respective language, automatically transitioning a 
secured document from a former state to a subsequent state of the security-policy state 
machine upon determining that a detected event causes the state transition. In contrast to 
the above-noted distinguishing features of claims 14 and 27, Serbinis' DMS system 
modifies the state of a document instance based only on the document's current state, the 
active date/time, and expiration date/time (the expiry date) (Serbinis, col. 7, lns. 32-37 
and 63-67). 
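
The following sketch is an added illustration and is not part of this Reply, the claims, or the specification. It shows the kind of security-policy state machine that claims 1 and 14 recite: states with distinct access restrictions, event-driven transition rules, and an access decision made against the state at request time. All state names, events and roles are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical policy, constructed for illustration only.
POLICY = {
    "states": {
        "draft":    {"readers": {"author"}, "writers": {"author"}},
        "review":   {"readers": {"author", "reviewer"}, "writers": {"reviewer"}},
        "released": {"readers": {"author", "reviewer", "staff"}, "writers": set()},
    },
    # Transition rules: (current state, event) -> subsequent state.
    "transitions": {
        ("draft", "submitted"): "review",
        ("review", "rejected"): "draft",
        ("review", "approved"): "released",
    },
}

def validate(policy):
    """Reject a policy where two states share identical access restrictions
    or a transition rule refers to an undefined state."""
    seen = {}
    for name, r in policy["states"].items():
        key = (frozenset(r["readers"]), frozenset(r["writers"]))
        if key in seen:
            raise ValueError(f"{seen[key]!r} and {name!r} are not distinct")
        seen[key] = name
    for (src, event), dst in policy["transitions"].items():
        if src not in policy["states"] or dst not in policy["states"]:
            raise ValueError(f"rule ({src!r}, {event!r}) uses an undefined state")

@dataclass
class SecuredDocument:
    name: str
    state: str = "draft"
    history: list = field(default_factory=list)  # audit trail of transitions

def handle_event(policy, doc, event):
    """Receive an event, determine whether it causes a transition from the
    document's current state, and transition if so. Returns True on change."""
    subsequent = policy["transitions"].get((doc.state, event))
    if subsequent is None:
        return False  # event is not a permitted transition in this state
    doc.history.append((doc.state, event, subsequent))
    doc.state = subsequent
    return True

def is_permitted(policy, doc, role, action):
    """Decide access from the policy state at request time; default deny."""
    restrictions = policy["states"][doc.state]
    key = {"read": "readers", "write": "writers"}.get(action)
    return key is not None and role in restrictions[key]
```
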

Therefore, for at least these reasons, the applied reference does not anticipate 
claims 14 and 27. Also, at least based on their respective dependencies to claim 14, 
claims 15-20 should be found allowable, as well as for their additional respective 
distinguishing features. Accordingly, Applicants respectfully request that the Examiner 
reconsider and withdraw the rejections of these claims, and find them allowable over the 
applied reference. 

Rejections under 35 U.S.C. §103 

Claim 10 was rejected under 35 U.S.C. § 103(a) as being allegedly unpatentable 
over Serbinis in view of U.S. Patent Publication No. 2004/0193912 to Li et al. ("Li"). 

Claims 12, 19 and 20 were rejected under 35 U.S.C. § 103(a) as being allegedly 
unpatentable over Serbinis in view of U.S. Patent No. 6,341,164 to Dilkie et al. 
("Dilkie"). 

Claims 21-26 and 28 were rejected under 35 U.S.C. § 103(a) as being allegedly 
unpatentable over Serbinis in view of U.S. Patent Publication No. 2005/0028006 to Leser 
et al. ("Leser"). Applicants respectfully traverse these rejections for the reasons stated 
below. 

Claims 10, 12, 19, and 20 depend upon claim 1. As discussed above, claim 1 is 
allowable over Serbinis. Thus, claims 10, 12, 19, and 20 are allowable for at least being 
dependent from allowable independent claim 1, in addition to their own respective 
distinguishing features. See In Re Fine, 837 F.2d 1071 (Fed. Cir. 1988) and M.P.E.P. § 
2143.03. 

Regarding the Examiner's statements on page 16 of the Office Action, in which 
the Examiner asserts that the allegedly obvious combination of Serbinis and Leser 
discloses the method and computer readable medium recited in claims 21 and 28, 
respectively, Applicants disagree and traverse for the reasons stated below. 

Independent claim 21 recites, inter alia: 

providing at least one process-driven security policy at a server computer, 
wherein the process-driven security policy is associated with a plurality 
of different states, and wherein each of the states has distinct access 
restrictions; 

providing a reference to the process-driven security policy to at a client 
computer, the reference referring to the process-driven security policy 
resident on the server computer and 
associating the reference to an electronic document 

(emphasis added). 

Claim 28 as amended herein recites, among other features: 

providing at least one process-driven security policy at a server machine, 
wherein the process-driven security policy has a plurality of different 
states associated therewith, and wherein each of the states has distinct 
access restrictions; and 

providing a reference to the process-driven security policy at a client 
machine, wherein the reference refers to the process-driven security 
policy resident on the server machine; and 
associating the reference to an electronic document. 

Claims 21 and 28 recite a method and a computer readable storage medium, 
respectively, with distinguishing features similar to claim 1, and thus are patentable over 
Serbinis for similar reasons as discussed above with regards to claim 1. As discussed 
above with regards to claim 1, Serbinis does not teach or suggest a process-driven 
security policy is associated with a plurality of different states, and wherein each of the 
states has distinct access restrictions, as recited in claim 21. Similarly, Serbinis also fails 
to teach or suggest a process-driven security policy, wherein the process-driven security 
policy has a plurality of different states associated therewith, and wherein each of the 
states has distinct access restrictions, as recited in claim 28. 

Further, the Examiner acknowledges that Serbinis does not disclose providing a 
reference to the process-driven security policy at a client machine, wherein the reference 
refers to the process-driven security policy resident on the server machine and 
associating the reference to an electronic document as recited, using respective language, 
in claims 21 and 28 (Office Action, page 17). 

Rather, the Examiner relies on Leser to teach or suggest these features. Leser 
does not cure these deficiencies of Serbinis with regards to claims 21 and 28. 

The Examiner asserts, to which Applicants do not acquiesce, that Leser 
discloses the above-noted features of claims 21 and 28 and that it would have been 
obvious to "cache [the] security-policy of the system of Serbinis into the user's 
computers thereby enabling them to generate and or use protected document[s] while 
they are offline" (Office Action, page 17). However, Leser is not stated by the Examiner 
to teach, nor does it teach or suggest, providing at least one process-driven security 
policy at a server machine or computer, wherein the process-driven security policy is 
associated with a plurality of different states, and wherein each of the states has distinct 
access restrictions, as recited, using respective language, in claims 21 and 28. 
Therefore, Leser cannot cure the deficiencies of Serbinis, and cannot be used to establish 
a prima facie case of obviousness with regards to claims 21 and 28. 

Thus, the allegedly obvious combination of Serbinis and Leser fails to teach or 
suggest at least a process-driven security policy, wherein the process-driven security 
policy is associated with a plurality of different states, and wherein each of the states has 
distinct access restrictions, as recited in claims 21 and 28. 

Also, claims 22-26, which depend from independent claim 21, are allowable for 
at least being dependent from allowable claim 21, in addition to their own respective 
distinguishing features. 

Accordingly, Applicants respectfully request that the Examiner reconsider and 
withdraw rejection of these claims, and find them allowable over the applied references. 



Conclusion 

All of the stated grounds of objection and rejection have been properly traversed, 
accommodated, or rendered moot. Applicants therefore respectfully request that the 
Examiner reconsider all presently outstanding rejections and that they be withdrawn. 
Applicants believe that a full and complete reply has been made to the outstanding 
Office Action and, as such, the present application is in condition for allowance. If the 
Examiner believes, for any reason, that personal communication will expedite 
prosecution of this application, the Examiner is invited to telephone the undersigned at 
the number provided. 

Prompt and favorable consideration of this Amendment and Reply is respectfully 
requested. 

Respectfully submitted, 

Sterne, Kessler, Goldstein & Fox p.l.l.c. 




Attorney for Applicants 
Registration No. 28,458 

Date: June 29, 2009 